package com.qf.config;

import com.qf.filter.JwtAuthenticationTokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * --- 天道酬勤 ---
 *
 * @author QiuShiju
 * @desc
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;
    // 认证失败处理
    @Autowired
    private AuthenticationEntryPointImpl authenticationEntryPoint;
    //token过滤器
    @Autowired
    private JwtAuthenticationTokenFilter authenticationTokenFilter;
    // 访问拒绝处理
    @Autowired
    private MyAccessDeniedHandler myAccessDeniedHandler;
    // 新增代码，用于获取AuthenticationManager对象，在登录的业务层进行调用
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * 账户认证
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/hello","/world").anonymous()
                // 允许有指定权限访问
//                .antMatchers("/add").hasAuthority("system:user:add")
//                .antMatchers("/del").hasAuthority("system:user:del")
//                .antMatchers("/update").hasAuthority("system:user:edit")
//                .antMatchers("/list").hasAuthority("system:user:list")
//                // 只允许有这个角色访问
//                .antMatchers("/get").hasRole("超级管理员")
                // 匿名访问,放行
                .antMatchers("/img/**","/**/*.js","/user/login", "/**/*.css", "/user/register").permitAll()
                // 其他所有资源,认证后(登录)访问
                .antMatchers("/**").authenticated( );
        //运行post请求
        http.cors().and().csrf().disable();
        // 禁用session
        http.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        // 认证失败处理
        http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
        // 访问拒绝处理
        http.exceptionHandling().accessDeniedHandler(myAccessDeniedHandler);
        // 开启拦截器
        http.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);

    }
}
